https://www.proofpoint.com/us/blog en https://www.proofpoint.com/us/threat-insight/post/remote-video-conferencing-themes-credential-theft-and-malware-threats Since March 27, 2020, Proofpoint researchers have observed an increase in video conferencing company-themed attacks seeking to steal credentials and distribute malware. These lures capitalize on the global workforce’s shift to remote work and consequential increased demand for video conferencing services during the COVID-19 pandemic. 2020-04-19T22:00:00 The Proofpoint Threat Insight Team node/93756 https://www.proofpoint.com/us/threat-insight/post/coronaviruscovid-19-payment-lures-rise Proofpoint researchers have observed an emerging trend of social engineering lures around COVID-19 financial relief. These campaigns use the promise of payments by global governments and businesses (specifically financial institutions) aimed at easing the economic impact of the ongoing pandemic to urge users to click links or download files. 2020-04-01T03:52:57 Proofpoint Threat Research Team node/93346 https://www.proofpoint.com/us/threat-insight/post/threat-snapshot-coronavirus-related-lures-comprise-more-80-percent-threat Following last week’s update on the overall threat landscape, this blog serves as a current snapshot and provides additional campaign examples aimed at recipients in the U.S., Spain, Portugal, and the Netherlands. 2020-03-27T02:03:31 Proofpoint Threat Research Team node/93251 https://www.proofpoint.com/us/threat-insight/post/whos-using-your-streaming-account-protect-yourself-credential-theft Services like Netflix, Hulu, Disney+, Spotify, and Apple Music have revolutionized the way we access and consume movies, TV shows, and music. This massive shift has not gone unnoticed by attackers, who have found a way to steal consumers’ valid streaming credentials and sell them for extremely discounted prices. 
When this happens, many times the account holders don’t know that they’re sharing their accounts with malicious actors/unauthorized users. 2020-03-23T07:00:00 Proofpoint Threat Research Team node/92961 https://www.proofpoint.com/us/threat-insight/post/practitioners-update-free-covid-19-related-ids-rules Proofpoint Threat Research shows threat actors are using coronavirus-themed lures to exploit human vulnerabilities. 2020-03-20T17:07:40 Brett Shaw node/92971 https://www.proofpoint.com/us/threat-insight/post/coronavirus-threat-landscape-update Overview 2020-03-18T08:55:58 Axel F, Sam Scholten node/92906 https://www.proofpoint.com/us/threat-insight/post/new-redline-stealer-distributed-using-coronavirus-themed-email-campaign In early March 2020, Proofpoint researchers observed an email campaign attempting to deliver a previously unknown malware which the malware author calls RedLine Stealer. 2020-03-16T08:47:55 Jeremy H, Axel F and Proofpoint Threat Insight Team node/92851 https://www.proofpoint.com/us/threat-insight/post/ta505-and-others-launch-new-coronavirus-campaigns-now-largest-collection-attack Proofpoint researchers are continuing to monitor malicious threat actor activity surrounding COVID-19. To date, the cumulative volume of coronavirus-related email lures now represents the greatest collection of attack types united by a single theme that our team has seen in years, if not ever. 2020-03-16T10:35:58 Sherrod DeGrippo node/92881 https://www.proofpoint.com/us/corporate-blog/post/attackers-use-fake-hiv-test-results-target-insurance-healthcare-and Healthcare concerns drive us to do a lot of things like change our diet, work out more, and take medication. But they should never lead us to fall victim to a phishing campaign. Threat actors regularly use purported health information in their phishing lures because it evokes an emotional response that is particularly effective in tricking potential victims into opening malicious attachments or clicking malicious links. 
2020-03-11T09:45:00 Sherrod DeGrippo node/92116 https://www.proofpoint.com/us/threat-insight/post/guloader-popular-new-vb6-downloader-abuses-cloud-services Proofpoint researchers have observed a new downloader in the wild that we and other researchers are calling “GuLoader.” Our researchers first observed GuLoader in late December 2019 being used to deliver Parallax RAT, which itself had recently been released. While we regularly observe new loaders, GuLoader has gained popularity quickly and is in active use by multiple threat actors. 2020-03-05T07:15:00 Proofpoint Threat Research Team node/92101 https://www.proofpoint.com/us/threat-insight/post/illicit-email-volumes-and-suspicious-domain-registrations-provide-early-looks Proofpoint tracks UCE volume and suspicious domain registrations associated with presidential candidates. 2020-03-03T13:30:00 Christopher Dawson | Artem Gololobov | Eva Fortune node/92026 https://www.proofpoint.com/us/threat-insight/post/2020-tax-season-attacks-abusing-legitimate-applications-and-websites There’s an old saying that only two things are certain: death and taxes. And in 2020 you can add tax scams to that list. With April 15 quickly approaching, people in the United States are starting to think about their taxes and attackers are as well. Proofpoint researchers have already seen attackers aggressively jumping into tax season. So far we’ve seen attacks fall into two categories: 2020-02-19T10:45:00 Sherrod DeGrippo node/91221 https://www.proofpoint.com/us/threat-insight/post/proofpoint-q4-2019-threat-report-and-year-review-year-rat-ends-more-same Proofpoint researchers provide a snapshot of threats that characterized the fourth quarter of 2019 and look back on the year’s defining trends. 
2020-02-14T03:00:00 Proofpoint Threat Insight Team node/91076 https://www.proofpoint.com/us/corporate-blog/post/attackers-expand-coronavirus-themed-attacks-and-prey-conspiracy-theoriesd-coronavirus-themed-attacks-and-prey-conspiracy-theories Proofpoint researchers continue to monitor the latest news and reports around the global Coronavirus outbreak for malicious activity. Aside from the overall increase in activity that the team has observed (which has reached hundreds of thousands of messages), the most notable developments we’ve seen are attacks that leverage conspiracy theory-based fears around purported unreleased cures for Coronavirus and campaigns that abuse perceived legitimate sources of health information to manipulate users. 2020-02-13T06:45:00 Sherrod DeGrippo node/91016 https://www.proofpoint.com/us/threat-insight/post/coronavirus-themed-attacks-target-global-shipping-concerns Last week attackers exploited Coronavirus fears by sending malicious health information emails aimed at Japanese-language speakers. This week Proofpoint researchers uncovered new Coronavirus-themed email attacks that focus on concerns around disruptions to global shipping. 2020-02-10T04:15:00 Sherrod DeGrippo node/90781 https://www.proofpoint.com/us/threat-insight/post/new-real-estate-research-attackers-target-full-transaction-chain There’s real money to be made in real estate. And in 2020, we anticipate the potential for profit will continue to attract cybercriminals as they attack real estate transactions, which are mostly carried out through their favorite channels: emails, websites, and attached documents. To uncover the top cyberattack trends—and detail necessary safety tips—we examined more than 600 U.S. real estate transaction attack attempts and here’s what we uncovered. 
2020-02-06T05:45:00 Sherrod DeGrippo node/90681 https://www.proofpoint.com/us/corporate-blog/post/emotet-leverages-coronavirus-and-greta-thunberg-again-while-coronavirus-threats Global events often capture the world’s attention with a combination of wide recognition and a sense of urgency, but they are also unfortunately likely candidates for threat actor campaigns. TA542, the group behind Emotet, clearly believes in this and is leveraging the recent Coronavirus health scare and climate change discussion to try to secure clicks. 2020-01-31T18:45:00 Threat Intelligence Team node/90326 https://www.proofpoint.com/us/threat-insight/post/emotet-returns-after-holiday-break-major-campaigns Threat actor group TA542, the group that’s behind Emotet, is back from their Christmas holiday. Based on past activity and what we’re seeing in just three days, one of the world’s most disruptive threats is back to work and everyone around the world should take note and implement steps to protect themselves. 2020-01-16T07:00:00 Sherrod DeGrippo node/89176 https://www.proofpoint.com/us/threat-insight/post/threat-insight-2019-review-year-rat Multi-function RATs established new malware trends for threat actors in 2019 2020-01-13T12:30:00 Proofpoint Threat Insight Team node/88701 https://www.proofpoint.com/us/threat-insight/post/proofpoints-2020-predictions-downloaders-and-botnets-abound-while-supply-chains The supply chain will be key to cybersecurity in 2020 while defenders should work to harden cloud infrastructure and email defenses. 
2019-12-18T11:15:00 Proofpoint Threat Insight Team node/87651 https://www.proofpoint.com/us/threat-insight/post/buer-new-loader-emerges-underground-marketplace New actively marketed downloader avoids CIS countries, evades detection 2019-12-04T06:00:00 Kelsey Merriman | Dennis Schwarz | Kafeine | Axel F | Proofpoint Threat Insight Team node/86356 https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us Proofpoint researchers describe campaigns from TA2101, an actor currently using tax and public entity-themed lures to socially engineer its victims to install malware 2019-11-14T06:00:00 Bryan Campbell and the Proofpoint Threat Insight Team node/84881 https://www.proofpoint.com/us/threat-insight/post/proofpoint-q3-2019-threat-report-emotets-return-rats-reign-supreme-and-more Proofpoint researchers provide a snapshot of threats that characterized the third quarter of 2019 2019-11-07T06:00:00 Proofpoint Threat Insight Team node/84181 https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader Proofpoint researchers describe a new RAT being distributed by TA505 using a new downloader written in C++ 2019-10-16T06:00:00 Dennis Schwarz | Kafeine | Matthew Mesa | Axel F and The Proofpoint Threat Insight Team node/82446 https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta407-silent-librarian Proofpoint researchers describe recent changes in activity by the Iranian cybercrime group. 
2019-10-14T06:00:00 The Proofpoint Threat Insight Team node/82026 https://www.proofpoint.com/us/threat-insight/post/new-whiteshadow-downloader-uses-microsoft-sql-retrieve-malware New WhiteShadow downloader uses Microsoft SQL to retrieve malware 2019-09-26T08:00:00 Bryan Campbell and Jeremy Hedges with the Proofpoint Threat Insight Team node/80771 https://www.proofpoint.com/us/threat-insight/post/cloud-attacks-prove-effective-across-industries-first-half-2019 No industry vertical was spared from cloud-related attacks in the first half of 2019. 2019-09-25T06:00:00 The Proofpoint Cloud App Security team node/77181 https://www.proofpoint.com/us/threat-insight/post/lookback-forges-ahead-continued-targeting-united-states-utilities-sector-reveals Proofpoint researchers describe new activity associated with LookBack malware and apparent state-sponsored attacks using the malware. 2019-09-23T07:00:00 Michael Raggi and the Proofpoint Threat Insight Team node/80271 https://www.proofpoint.com/us/threat-insight/post/proofpoint-q2-2019-threat-report-emotets-hiatus-mainstream-impostor-techniques Proofpoint researchers provide a snapshot of threats that characterized the second quarter of 2019 2019-09-19T00:15:00 The Proofpoint Threat Insight Team node/79966 https://www.proofpoint.com/us/threat-insight/post/pervasive-social-engineering-characterizes-threat-landscape-proofpoint-releases Proofpoint researchers detail how threat actors exploit “The Human Factor” based on 18 months of data related to social engineering and key threat trends. 2019-09-08T20:45:00 Proofpoint Threat Insight Team node/78641 https://www.proofpoint.com/us/threat-insight/post/psixbot-now-using-google-dns-over-https-and-possible-new-sexploitation-module Proofpoint researchers continue to describe updates to PsiXBot, now using Google DNS and a module that records victims’ screens when viewing adult material. 
2019-09-06T15:15:00 The Proofpoint Threat Insight Team node/78431 https://www.proofpoint.com/us/threat-insight/post/seems-phishy-back-school-lures-target-university-students-and-staff Proofpoint researchers describe seasonal phishing threats to university students around the globe 2019-09-05T10:15:00 Michael Walsh and the Proofpoint Threat Insight Team node/78176 https://www.proofpoint.com/us/threat-insight/post/psixbot-continues-evolve-updated-dns-infrastructure Proofpoint researchers describe an update to PsiXBot. 2019-08-13T06:00:00 Proofpoint Threat Insight Team node/75576 https://www.proofpoint.com/us/threat-insight/post/phishing-actor-using-xor-obfuscation-graduates-enterprise-cloud-storage-aws A phishing actor has been observed using public cloud storage at AWS to host their landing pages, using various obfuscation techniques including multibyte XOR encoding. 2019-08-08T10:00:00 The Proofpoint Threat Insight Team node/74711 https://www.proofpoint.com/us/threat-insight/post/systembc-christmas-july-socks5-malware-and-exploit-kits Proofpoint researchers describe a previously undocumented proxy malware currently appearing in RIG and Fallout EK campaigns. 2019-08-01T19:30:00 Kade Harmon | Kafeine | Dennis Schwarz | The Proofpoint Threat Insight Team node/73981 https://www.proofpoint.com/us/threat-insight/post/lookback-malware-targets-united-states-utilities-sector-phishing-attacks Proofpoint researchers document recent spear phishing campaigns and a new remote access Trojan targeting US utilities. 2019-08-01T12:00:00 Michael Raggi and Dennis Schwarz with the Proofpoint Threat Insight Team node/74066 https://www.proofpoint.com/us/threat-insight/post/chinese-apt-operation-lagtime-it-targets-government-information-technology Proofpoint researchers document “Operation LagTime IT,” in which the Chinese APT TA428 has targeted government IT agencies and Ministry of Foreign Affairs in Asia utilizing custom Cotx RAT malware. 
2019-07-24T06:00:00 Michael Raggi and Dennis Schwarz with the Proofpoint Threat Insight Team node/72926 https://www.proofpoint.com/us/threat-insight/post/brushaloader-still-sweeping-victims-one-year-later Proofpoint researchers look back on BrushaLoader activity over the last year. 2019-07-22T06:00:00 Kafeine and the Proofpoint Threat Insight Team node/72646 https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware Proofpoint researchers detail historic and current campaigns and activities from TA544, an actor currently specializing in the distribution of the banking trojan, Ursnif, targeting Western Europe and Japan. 2019-07-11T08:15:00 Proofpoint Threat Insight Team node/70981 https://www.proofpoint.com/us/threat-insight/post/ta505-begins-summer-campaigns-new-pet-malware-downloader-andromut-uae-south Proofpoint describes a new loader being distributed in the UAE, South Korea, Singapore, and the United States by a prolific threat actor. 2019-07-02T06:00:00 Matthew Mesa and Dennis Schwarz with the Proofpoint Threat Insight Team node/70716 https://www.proofpoint.com/us/threat-insight/post/urlzone-top-malware-japan-while-emotet-and-line-phishing-round-out-landscape-0 Proofpoint researchers detail recent campaigns and threats affecting Japan. 2019-06-19T05:45:00 Proofpoint Threat Insight Team node/68806 https://www.proofpoint.com/us/threat-insight/post/proofpoint-q1-2019-threat-report-emotet-carries-quarter-consistent-high-volume Proofpoint researchers describe the threat landscape in the first quarter of 2019. 2019-05-28T17:45:00 Proofpoint Threat Insight Team node/66601 https://www.proofpoint.com/us/threat-insight/post/beyond-north-america-threat-actors-target-canada-specifically Proofpoint researchers describe the Canadian email threat landscape. 
2019-05-23T08:00:00 Proofpoint Threat Insight Team node/66231 https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta542-banker-malware-distribution-service Proofpoint researchers detail historic and current campaigns and activities from TA542, the prolific actor behind Emotet, a “malware multi-tool.” 2019-05-15T10:30:00 Axel F and the Proofpoint Threat Insight Team node/65196 https://www.proofpoint.com/us/threat-insight/post/new-kpot-v20-stealer-brings-zero-persistence-and-memory-features-silently-steal Proofpoint researchers detail the latest iteration of KPOT Stealer 2019-05-09T08:30:00 Dennis Schwarz and the Proofpoint Threat Insight Team node/64351 https://www.proofpoint.com/us/threat-insight/post/2019-return-retefe Proofpoint researchers describe recent updates to the Retefe banking Trojan and changes to related actor TTPs. 2019-05-02T04:30:00 Bryan Campbell and the Proofpoint Threat Insight Team node/63551 https://www.proofpoint.com/us/threat-insight/post/threat-actors-abuse-github-service-host-variety-phishing-kits Proofpoint describes how phishers are abusing the popular software development platform. 2019-04-24T07:30:00 Proofpoint Threat Insight Team node/62761 https://www.proofpoint.com/us/threat-insight/post/tax-themed-email-campaigns-target-2019-filers Proofpoint researchers describe recent campaigns leveraging tax season lures. 
2019-04-03T06:00:00 Proofpoint Threat Insight Team node/60866 https://www.proofpoint.com/us/threat-insight/post/threat-actors-leverage-credential-dumps-phishing-and-legacy-email-protocols Proofpoint researchers examine a range of techniques threat actors are using to increase the effectiveness of attacks against people and organizations via major cloud services 2019-03-14T01:30:00 Proofpoint Information Protection Research Team node/58716 https://www.proofpoint.com/us/threat-insight/post/danabot-control-panel-revealed Proofpoint researchers describe a recently discovered control panel executable for DanaBot malware. 2019-03-13T13:30:00 Dennis Schwarz and Proofpoint Threat Insight Team node/58636 https://www.proofpoint.com/us/threat-insight/post/nymaim-config-decoded Proofpoint researchers describe the unique bytecode config used by Nymaim malware. 2019-03-12T12:45:00 Georgi Mladenov node/58211 https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers Proofpoint researchers describe recent campaigns leveraging multi-step attacks and sophisticated social engineering. 2019-02-21T10:00:00 Proofpoint Threat Insight Team node/54291 https://www.proofpoint.com/us/threat-insight/post/proofpoint-releases-q4-2018-threat-report-and-year-review Proofpoint researchers examine key features of the threat landscape in the fourth quarter of 2018 and take a look back at major trends for the year. 2019-02-07T08:00:00 Proofpoint Threat Insight Team node/52836 https://www.proofpoint.com/us/threat-insight/post/servhelper-and-flawedgrace-new-malware-introduced-ta505 Proofpoint researchers detail two undocumented pieces of malware being used by TA505. 
2019-01-09T09:00:00 Dennis Schwarz and Proofpoint Staff node/50006 https://www.proofpoint.com/us/threat-insight/post/phishing-template-uses-fake-fonts-decode-content-and-evade-detection Proofpoint researchers describe a new phishing template that uses a previously undocumented font trick to decode and display pages. 2019-01-03T12:00:00 Proofpoint Staff node/49536 https://www.proofpoint.com/us/threat-insight/post/lcg-kit-sophisticated-builder-malicious-microsoft-office-documents Proofpoint researchers detail a new malicious document builder known as LCG Kit. 2018-12-13T14:00:00 Proofpoint Staff node/48246 https://www.proofpoint.com/us/threat-insight/post/cybersecurity-predictions-2019 Proofpoint researchers predict trends that will shape the threat landscape in 2019. 2018-12-12T09:00:00 Proofpoint Staff node/47791 https://www.proofpoint.com/us/threat-insight/post/sextortion-side-ransomware Proofpoint researchers describe recent so-called “sextortion” campaigns, some of which featured links to ransomware as well. 2018-12-07T12:45:00 Proofpoint Staff node/47596 https://www.proofpoint.com/us/threat-insight/post/ta505-targets-us-retail-industry-personalized-attachments Proofpoint researchers describe recent campaigns in which actors use targeted lures to go after retailers. 2018-12-06T07:15:00 Proofpoint Staff node/47411 https://www.proofpoint.com/us/threat-insight/post/thanksgiving-christmas-cybercriminals-cash-range-threats-over-holidays Proofpoint researchers describe a variety of holiday-related threats and scams facing businesses and consumers this season. 2018-12-03T05:15:00 Proofpoint Staff node/47086 https://www.proofpoint.com/us/threat-insight/post/kovcoreg3ve-domains-sinkholed-bringing-down-kovter-ad-fraud-infrastructure-and The US Department of Justice and industry partners bring down a massive ad fraud and cybercrime operation. 
2018-11-27T15:15:00 Proofpoint Staff node/46581 https://www.proofpoint.com/us/threat-insight/post/trat-new-modular-rat-appears-multiple-email-campaigns Proofpoint researchers detail a new RAT being distributed by TA505. 2018-11-15T07:15:00 Proofpoint Staff node/45611 https://www.proofpoint.com/us/threat-insight/post/spammers-use-brand-recognition-make-trump-top-term-2018-midterm-election-email Proofpoint researchers chart spam volumes related to the midterm elections. 2018-11-05T08:30:00 Proofpoint Staff node/44521 https://www.proofpoint.com/us/threat-insight/post/proofpoint-threat-report-banking-trojans-and-downloaders-dominate-malware-while Proofpoint researchers provide a snapshot of the threat landscape in the third quarter of 2018. 2018-11-01T01:45:00 Proofpoint Staff node/44216 https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy Proofpoint researchers track an actor’s recent activity and their move to a new PowerShell loader 2018-10-23T07:00:00 Proofpoint Staff node/43391 https://www.proofpoint.com/us/threat-insight/post/hurricane-michael-phishing-schemes-leverage-azure-blob-storage-rake-credentials Proofpoint researchers detail recent phishing templates that combine multiple techniques for credential theft. 2018-10-19T08:00:00 Proofpoint Staff node/43046 https://www.proofpoint.com/us/threat-insight/post/german-language-threats-span-phishing-bec-malware-and-more Proofpoint researchers provide an overview of the wide range of threats affecting German-speaking regions. 2018-10-10T06:15:00 Proofpoint Staff node/42316 https://www.proofpoint.com/us/threat-insight/post/danabot-gains-popularity-and-targets-us-organizations-large-campaigns Proofpoint researchers describe new campaigns using the DanaBot banking Trojan. 
2018-10-02T06:45:00 Proofpoint Staff node/41691 https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-3-cobint Proofpoint researchers provide new analysis of a downloader called CobInt, associated with the Cobalt Group but following a new trend of small-footprint, modular loaders. 2018-09-11T08:15:00 Proofpoint Staff node/38496 https://www.proofpoint.com/us/threat-insight/post/new-modular-downloaders-fingerprint-systems-part-2-advisorsbot Proofpoint researchers detail a previously undocumented downloader and a PowerShell/.NET rewrite of the new malware 2018-08-23T08:00:00 Proofpoint Staff node/37011 https://www.proofpoint.com/us/threat-insight/post/new-version-azorult-stealer-improves-loading-features-spreads-alongside Proofpoint researchers detail recent updates to the AZORult information stealer. 2018-07-30T08:45:00 Proofpoint Staff node/34931 https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks Proofpoint researchers analyze a stealthy new remote access Trojan. 2018-07-25T07:15:00 Proofpoint Staff node/34506 https://www.proofpoint.com/us/threat-insight/post/kronos-reborn Proofpoint researchers examine a new version of the Kronos banking Trojan. 2018-07-24T07:15:00 Proofpoint Staff node/34406 https://www.proofpoint.com/us/threat-insight/post/ta505-abusing-settingcontent-ms-within-pdf-files-distribute-flawedammyy-rat Proofpoint researchers detail a large campaign abusing the DeepLink object in SettingContent-ms files embedded in PDF documents. 2018-07-19T14:45:00 Proofpoint Staff node/34111 https://www.proofpoint.com/us/threat-insight/post/if-you-cant-steal-them-mine-them-cryptocurrency-threat-roundup Proofpoint researchers detail the current state of cryptocurrencies in cybercrime. 
2018-06-21T16:15:00 Sherrod DeGrippo node/33326 https://www.proofpoint.com/us/threat-insight/post/ta505-shifts-times Proofpoint researchers provide an update on substantial changes in the TTPs of one of the most prolific actors we track. 2018-06-08T09:30:00 Proofpoint Staff node/32656 https://www.proofpoint.com/us/threat-insight/post/danabot-new-banking-trojan-surfaces-down-under-0 Proofpoint researchers analyze a new banking Trojan that recently appeared in the wild. 2018-05-31T14:45:00 Proofpoint Staff node/32531 https://www.proofpoint.com/us/threat-insight/post/thief-night-new-nocturnal-stealer-grabs-data-cheap Proofpoint researchers describe a previously undocumented stealer. 2018-05-30T16:00:00 Proofpoint Staff node/32511 https://www.proofpoint.com/us/threat-insight/post/phorpiex-decade-spamming-shadows Proofpoint researchers detail how the Phorpiex/Trik botnet operates and sends spam for a range of actors. 2018-05-24T16:15:00 Proofpoint Staff node/32481 https://www.proofpoint.com/us/threat-insight/post/money-nothing-cryptocurrency-giveaways-net-thousands-scammers Proofpoint researchers detail a new trend in cryptocurrency giveaway scams 2018-05-23T14:00:00 Proofpoint Staff node/32461 https://www.proofpoint.com/us/threat-insight/post/brain-food-botnet-gives-website-operators-heartburn Proofpoint researchers detail the purpose, function, and propagation of the Brain Food botnet. 2018-05-18T14:45:00 Andrew Conway node/32411 https://www.proofpoint.com/us/threat-insight/post/new-vega-stealer-shines-brightly-targeted-campaign Proofpoint researchers describe a new information stealer distributed in a campaign with unusual targeting. 2018-05-10T13:45:00 Proofpoint Staff node/32316 https://www.proofpoint.com/us/threat-insight/post/eitest-sinkholing-oldest-infection-chain Proofpoint researchers detail the evolution of the EITest infection chain and help sinkhole the long-running operation. 
2018-04-12T11:45:00 Kafeine node/31786 https://www.proofpoint.com/us/threat-insight/post/sandiflux-another-fast-flux-infrastructure-used-malware-distribution-emerges Proofpoint researchers studied a previously undocumented botnet providing Fast Flux infrastructure for cybercrime. 2018-03-30T21:00:00 Kafeine node/31651 https://www.proofpoint.com/us/threat-insight/post/unraveling-ThreadKit-new-document-exploit-builder-distribute-The-Trick-Formbook-Loki-Bot-malware In October 2017, Proofpoint researchers discovered a new Microsoft Office document exploit builder kit that featured a variety of recent exploits as well as a mechanism to report infection statistics. 2018-03-25T16:15:00 Axel F, Matthew Mesa node/31466 https://www.proofpoint.com/us/threat-insight/post/tax-themed-email-campaigns-steal-credentials-spread-banking-trojans-rats-ransomware In 2018, Proofpoint researchers have observed another strong season for tax-themed email lures, and the payloads of these campaigns are representative of broader malware trends and highlight notable differences compared to last year. 2018-03-23T10:45:00 Proofpoint Staff node/31461 https://www.proofpoint.com/us/threat-insight/post/drive-service-blacktds Proofpoint researchers track a new web-based attack chain offered as a service to threat actors 2018-03-13T13:00:00 Kafeine node/31196 https://www.proofpoint.com/us/threat-insight/post/leaked-ammyy-admin-source-code-turned-malware Proofpoint researchers track campaigns involving a new RAT based on the leaked source code of the Ammyy Remote Administration tool. 2018-03-07T09:30:00 Proofpoint Staff node/31151 https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-making-millions-operators Proofpoint researchers analyze a massive Monero mining botnet. 
2018-01-31T08:45:00 Kafeine node/30226 https://www.proofpoint.com/us/threat-insight/post/double-dipping-diverting-ransomware-bitcoin-payments-onion-domains Proofpoint researchers track operators of a Tor proxy diverting ransomware payments to their own Bitcoin wallets. 2018-01-29T12:00:00 Proofpoint Staff node/30176 https://www.proofpoint.com/us/threat-insight/post/proofpoint-q4-2017-threat-report-coin-miners-and-ransomware-are-front-and-center Proofpoint researchers detail the trends and changes in the threat landscape over the last quarter of 2017. 2018-01-17T20:00:00 Proofpoint Staff node/30026 https://www.proofpoint.com/us/threat-insight/post/holiday-lull-not-so-much Proofpoint researchers compare holiday campaigns in 2016 and 2017 and find that this season did not follow the expected pattern of a holiday break for major threat actors. 2018-01-12T10:30:00 Proofpoint Staff node/29986 https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new Proofpoint researchers detail how APT actors are using cryptocurrency lures to drop backdoors and go after targets with potential interests in Bitcoin as well as point-of-sale infrastructure. 2017-12-19T14:45:00 Darien Huss node/29616 https://www.proofpoint.com/us/threat-insight/post/zeus-panda-banking-trojan-targets-online-holiday-shoppers Proofpoint researchers detail the use of a well-known banking Trojan to target online holiday shoppers in the UK and Canada. 2017-12-14T14:45:00 Proofpoint Staff node/29506 https://www.proofpoint.com/us/threat-insight/post/cybersecurity-predictions-2018 Proofpoint researchers look at recent trends to predict ways in which the threat landscape will evolve in 2018. 
2017-12-05T14:00:00 Proofpoint Staff node/29291 https://www.proofpoint.com/us/threat-insight/post/dialing-dollars-coinminers-appearing-malware-components-standalone-threats Although the first Bitcoin was mined in 2009, the value of the “cryptocurrency” and new alternatives like Litecoin and Monero have risen dramatically in recent months. 2017-11-29T09:45:00 Proofpoint Staff node/29171 https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks Proofpoint researchers describe a campaign targeting German-speaking regions in which credential phishing leads to an Android banking Trojan and concludes with an additional phishing scheme executed by the banking Trojan itself. 2017-11-03T15:30:00 Proofpoint Staff node/28016 https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-kovcoreg-kovter-saga Proofpoint researchers detail the history of the threat actor known as the “KovCoreG Gang” and the evolution of the malicious tools they use across a variety of campaigns. 2017-11-01T06:00:00 Kafeine node/27951 https://www.proofpoint.com/us/threat-insight/post/apt28-racing-exploit-cve-2017-11292-flash-vulnerability-patches-are-deployed Proofpoint researchers discover one of the first in-the-wild uses of the Flash vulnerability CVE-2017-11292 in malicious document attacks by APT28. 2017-10-19T13:15:00 Kafeine, Pierre T node/27506 https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets Proofpoint researchers track an actor and their attacks on targets with potential military and government interests. 2017-10-16T17:15:00 Axel F, Pierre T node/27446 https://www.proofpoint.com/us/threat-insight/post/kovter-group-malvertising-campaign-exposes-millions-potential-malware-and-fraud Proofpoint researchers describe recent malvertising activity by the so-called “KovCoreG group” impacting several high-ranking websites. 
2017-10-06T13:15:00 Kafeine and Proofpoint Staff node/26981 https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta505-dridex-globeimposter Proofpoint researchers detail the malware and notable campaigns associated with one of the most prolific threat actors: TA505. 2017-09-27T16:00:00 Proofpoint Staff node/26656 https://www.proofpoint.com/us/threat-insight/post/retefe-banking-trojan-leverages-eternalblue-exploit-swiss-campaigns Proofpoint researchers track versions of the Retefe banking Trojan that use the now infamous EternalBlue exploit to move within networks after initial infections. 2017-09-21T15:30:00 Proofpoint Staff node/26281 https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-apt-actors-use-fake-game-thrones-leaks-lures Proofpoint researchers track a new campaign by a Chinese APT actor using the promise of leaked Game of Thrones content in lures delivering a well-known RAT. 2017-08-25T13:00:00 Darien Huss and Matthew Mesa node/25701 https://www.proofpoint.com/us/threat-insight/post/defray-new-ransomware-targeting-education-and-healthcare-verticals Proofpoint researchers detail a new ransomware strain called Defray after it is used in small, targeted attacks on healthcare, education, and manufacturing organizations. 2017-08-24T14:00:00 Proofpoint Staff node/25686 https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiluwak-javascript-backdoor-use-g20-themed-attack Proofpoint researchers detail new droppers and updated functionality in what appears to be a G20-targeted attack by the Turla APT actor. 2017-08-17T17:15:00 Darien Huss node/25426 https://www.proofpoint.com/us/threat-insight/post/threat-actor-goes-chrome-extension-hijacking-spree Proofpoint researchers track a number of Chrome extensions compromised for stealing credentials and hijacking web traffic. 
2017-08-14T15:00:00 Kafeine node/25356 https://www.proofpoint.com/us/threat-insight/post/q2-threat-report-high-volume-malicious-email-campaigns-ransomworms-make Proofpoint researchers track the trends that shaped the threat landscape in the second quarter of 2017. 2017-08-10T01:30:00 Proofpoint Staff node/25336 https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor Proofpoint researchers track changes to macros and a new Jscript backdoor being used by the FIN7 threat actor. 2017-07-31T10:00:00 Matthew Mesa, Darien Huss node/25146 https://www.proofpoint.com/us/threat-insight/post/backdoored-litecoin-wallet-spread-typosquatted-domains Proofpoint researchers track XKey keylogger malware distributed via typosquatted clones of the Litecoin cryptocurrency website and backdoored versions of the app. 2017-07-27T11:00:00 Proofpoint Staff node/25091 https://www.proofpoint.com/us/threat-insight/post/google-oauth-worm-leads-proofpoint-discovery Since at least 2011 [1] [2], information security researchers have attempted to raise awareness about the ease with which attackers could create seemingly legitimate apps and then trick users into granting them access to email and cloud service accounts. The Google OAuth worm that spread in May 2017 exploited this lack of validation, which affected more than one million G Suite users [3]. In the wake of this campaign, Google introduced validations around the choice of name for new OAuth clients. 2017-07-24T07:00:00 Proofpoint Staff node/24991 https://www.proofpoint.com/us/threat-insight/post/meet-ovidiy-stealer-bringing-credential-theft-masses Proofpoint researchers analyze a previously undocumented stealer called Ovidiy Stealer. Lightweight, efficient, and with attractive pricing and marketing, Ovidiy Stealer makes it easy for would-be criminals to make the leap into credential theft. 
2017-07-13T15:45:00 Proofpoint Staff node/24941 https://www.proofpoint.com/us/threat-insight/post/pyramid-schemes-go-high-tech-affiliate-spam-and-malware-affiliates Proofpoint researchers examine how the affiliate marketing model drives both spam and malware distribution. 2017-06-27T17:15:00 Proofpoint Staff node/24521 https://www.proofpoint.com/us/threat-insight/post/adgholas-malvertising-campaign-using-astrum-ek-deliver-mole-ransomware Proofpoint researchers track recent AdGholas activity with colleagues from the advertising and security industries after ransomware activity in the UK set off red flags. 2017-06-20T01:00:00 Kafeine node/24271 https://www.proofpoint.com/us/threat-insight/post/follow-money-phishing-schemes-go-after-cryptocurrency Proofpoint researchers examine phishing templates used to steal cryptocurrencies and related credentials from users. 2017-06-12T13:15:00 Proofpoint Staff node/24186 https://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-integrates-cve-2017-0199-utilized-cobalt-group-target Proofpoint researchers track the actor known as Cobalt using Microsoft Word Intruder (MWI) and a well-known vulnerability to target financial institutions. 2017-06-01T15:15:00 Matthew Mesa, Axel F, Pierre T, Travis Green node/23931 https://www.proofpoint.com/us/threat-insight/post/what-election-spam-can-tell-us-about-candidates-and-election-outcomes After multiple election cycles, Proofpoint researchers point to relationships between spam volumes and election outcomes. 2017-05-31T14:15:00 Proofpoint Staff node/23886 https://www.proofpoint.com/us/threat-insight/post/where-are-exploits-yesteryear Proofpoint researchers track the effectiveness of exploit kits and the declining availability of unpatched vulnerabilities. 
2017-05-25T06:45:00 Proofpoint Staff node/23846 https://www.proofpoint.com/us/threat-insight/post/jaff-new-ransomware-from-actors-behind-distribution-of-dridex-locky-bart Proofpoint researchers analyze new ransomware from the actors who brought us Dridex, Locky, and Bart. 2017-05-11T10:00:00 Proofpoint Staff node/23581 https://www.proofpoint.com/us/threat-insight/post/introducing-loda-malware Proofpoint researchers describe a previously undocumented keylogger and remote access Trojan called Loda. 2017-05-10T11:15:00 Proofpoint Staff node/23561 https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts Proofpoint researchers track a China-based APT actor and their attacks on financial services analysts covering the telecommunications industry. 2017-04-27T10:00:00 Axel F node/23301 https://www.proofpoint.com/us/threat-insight/post/facebook-spam-botnet-trades-account-access-for-likes Proofpoint researchers analyze a Facebook spam botnet that uses a legitimate app and the human factor to spam a major media company. 2017-04-26T10:00:00 Proofpoint Staff node/23276 https://www.proofpoint.com/us/threat-insight/post/philadelphia-ransomware-customization-commodity-malware Proofpoint researchers track the changing ransomware landscape and examine the use of commodity ransomware in targeted attacks on healthcare organizations. 2017-04-25T12:00:00 Proofpoint Staff node/23281 https://www.proofpoint.com/us/threat-insight/post/dridex-campaigns-millions-recipients-unpatched-microsoft-zero-day Proofpoint researchers have discovered that Dridex actors are already using CVE-2017-0199, a Microsoft Word zero-day first publicly revealed this weekend and patched April 11. 2017-04-10T20:30:00 Proofpoint Staff node/23111 https://www.proofpoint.com/us/threat-insight/post/high-volume-dridex-campaigns-return Proofpoint researchers track several new high-volume Dridex campaigns – the first to hit millions of recipients since May 2016. 
2017-04-04T11:30:00 Proofpoint Staff node/22856 https://www.proofpoint.com/us/threat-insight/post/mobile-malware-masquerades-as-POS-management-app Proofpoint researchers examine a new piece of mobile malware that purports to be a point-of-sale management app but is actually a powerful information stealer. 2017-03-13T13:30:00 Proofpoint Staff node/22446 https://www.proofpoint.com/us/threat-insight/post/magnitude-actor-social-engineering-scheme-windows-10 Proofpoint researchers provide background on Magnitude activity and explore a newly added social engineering scheme. 2017-03-08T11:45:00 Kafeine node/22421 https://www.proofpoint.com/us/threat-insight/post/phishing-goes-mobile-sms Proofpoint researchers track an SMS phishing campaign and gain insights into this increasingly prevalent attack vector. 2017-03-06T15:30:00 Dave Jevans node/22396 https://www.proofpoint.com/us/threat-insight/post/q4-threat-summary-year-review-evolving-threats Proofpoint researchers look back at the last quarter of 2016 and the full year to understand the shifting threat landscape and provide recommendations for the year to come. 2017-02-07T19:00:00 Proofpoint Staff node/21911 https://www.proofpoint.com/us/threat-insight/post/malware-phishing-making-rounds-france Proofpoint researchers track a variety of recent online threats, ranging from banking Trojans to credential phishing, targeting French interests. 2017-02-03T16:45:00 Proofpoint Staff node/21816 https://www.proofpoint.com/us/threat-insight/post/hook-line-sinker-sophisticated-phishing-kit Proofpoint researchers analyze the capabilities and data flow of a new PayPal phishing kit. 
2017-02-02T06:00:00 Proofpoint Staff node/21781 https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx Overview 2017-02-02T16:15:00 Darien Huss, Pierre T, Axel F and Proofpoint Staff node/21811 https://www.proofpoint.com/us/threat-insight/post/EITest-Nabbing-Chrome-Users-Chrome-Font-Social-Engineering-Scheme Proofpoint researchers provide background on EITest activity and explore a newly added Chrome case of the EITest infection chain. 2017-01-17T13:45:00 Kafeine node/21411 https://www.proofpoint.com/us/threat-insight/post/targeted-threat-leads-to-keylogger-via-fake-silverlight-update Proofpoint researchers track a targeted keylogger campaign using embedded Visual Basic objects and a fake Silverlight update lure. 2017-01-12T14:45:00 Danny Howerton node/21351 https://www.proofpoint.com/us/threat-insight/post/phishing-actors-take-cue-malware-distributing-brethren Proofpoint researchers explore a financial phishing campaign using password-protected attachments, a technique becoming more common in malware campaigns. 2016-12-21T08:15:00 Proofpoint Staff node/21171 https://www.proofpoint.com/us/threat-insight/post/home-routers-under-attack-malvertising-windows-android-devices Proofpoint researchers track ongoing malvertising campaigns leading to the DNSChanger exploit kit. 2016-12-13T11:00:00 Kafeine node/21081 https://www.proofpoint.com/us/threat-insight/post/ostap-bender-400-ways-make-population-part-with-their-money Proofpoint researchers track a threat actor group using a new malware and malicious emails to infect victims with banking Trojans and POS malware. 2016-12-08T14:30:00 Proofpoint Staff node/20936 https://www.proofpoint.com/us/threat-insight/post/august-in-december-new-information-stealer-hits-the-scene Proofpoint researchers identify a new information stealer that can grab messenger and FTP credentials, cryptocurrency wallets, and other data while evading detection. 
2016-12-07T05:00:00 Proofpoint Staff node/20866 https://www.proofpoint.com/us/threat-insight/post/zeuspos-newposthings-point-of-sale-malware-traffic-quadruples-black-friday Proofpoint researchers track multiple point-of-sale malware variants and seasonal variations in their propagation. 2016-12-06T04:00:00 Proofpoint Staff node/20806 https://www.proofpoint.com/us/threat-insight/post/cybersecurity-predictions-2017 Proofpoint security researchers share their predictions for the top threat landscape trends to watch for in 2017. 2016-11-30T04:00:00 Proofpoint Staff node/20636 https://www.proofpoint.com/us/threat-insight/post/phishing-templates-sold-on-youtube-with-backdoors Proofpoint researchers track phishing software advertised, distributed (and backdoored) via YouTube. 2016-11-23T08:30:00 Proofpoint Staff node/20526 https://www.proofpoint.com/us/threat-insight/post/ransoc-desktop-locking-ransomware-ransacks-local-files-social-media-profiles Proofpoint researchers track a new ransomware variant that gathers data about victims on their Skype, Facebook, and LinkedIn accounts. 2016-11-14T13:30:00 Proofpoint Staff node/20206 https://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-8-adds-support-for-flash-vulnerability Proofpoint researchers analyze the addition of a new Flash vulnerability to a popular exploit document builder. 2016-11-07T11:30:00 Proofpoint Staff node/20076 https://www.proofpoint.com/us/threat-insight/post/election-spam-gets-bipartisan As November 8th gets closer, Proofpoint researchers take a last look at election-related spam and what it says about the patterns and tactics of spammers (and campaigners). 2016-11-03T07:00:00 Proofpoint Staff node/19936 https://www.proofpoint.com/us/threat-insight/post/veil-framework-infects-victims-targeted-owa-phishing-attack Proofpoint researchers track a novel targeted phishing attack that combines several threat vectors to set up advanced attacks as well as a basic credential phish. 
2016-10-28T14:30:00 Proofpoint Staff node/19806 https://www.proofpoint.com/us/threat-insight/post/spike-kovter-ad-fraud-malware-clever-macro-trick Proofpoint researchers track a personalized campaign that delivers the Kovter ad fraud Trojan. 2016-10-20T10:00:00 Proofpoint Staff node/19366 https://www.proofpoint.com/us/threat-insight/post/cyber-criminals-tap-german-speaking%20targets-oktoberfest Not surprisingly, banking Trojans continue to dominate the landscape in German-speaking financial centers in Europe, especially Germany and Switzerland. 2016-10-18T07:00:00 Proofpoint Staff node/19186 https://www.proofpoint.com/us/threat-insight/post/proofpoint-q3-threat-summary-locky-ransomware-social-threats-bec Proofpoint researchers follow trends in email, mobile, and social threats throughout the third quarter of 2016. 2016-10-13T19:00:00 Proofpoint Staff node/19106 https://www.proofpoint.com/us/threat-insight/post/microsoft-patches-CVE-2016-3298-second-information-disclosure-zero-day Proofpoint researchers discovered and reported another information disclosure vulnerability associated with the AdGholas malvertising campaign and the Neutrino exploit kit used to filter researchers and delay exposing infection chains. 2016-10-11T11:30:00 Proofpoint Staff node/19016 https://www.proofpoint.com/us/threat-insight/post/windows-troubleshooting-platform-leveraged-deliver-malware Proofpoint researchers discover a new technique for delivering malware via document attachments that leverages the Windows Troubleshooting Platform. 2016-10-06T15:00:00 Matthew Mesa, Axel F, Proofpoint Staff node/18881 https://www.proofpoint.com/us/threat-insight/post/hades-locker-ransomware-mimics-locky Proofpoint researchers identify a new ransomware variant known as Hades Locker sent via the same spam botnet as recent CryptFile2 and MarsJoke campaigns. 
2016-10-05T15:15:00 Proofpoint Staff node/18831 https://www.proofpoint.com/us/threat-insight/post/MarsJoke-Ransomware-Mimics-CTB-Locker Proofpoint researchers uncover a new ransomware variant called MarsJoke in a large campaign targeting government and educational institutions. 2016-09-23T12:45:00 Proofpoint Staff node/18231 https://www.proofpoint.com/us/threat-insight/post/ursnif-banking-trojan-campaign-sandbox-evasion-techniques Proofpoint researchers track new tools and techniques for evading sandboxes and improving targeting while an actor distributes personalized lures and the Ursnif banking Trojan to Australian targets. 2016-09-20T10:15:00 Proofpoint Staff node/18036 https://www.proofpoint.com/us/threat-insight/post/Microsoft-Patches-Zero-Day-Exploited-By-AdGholas-GooNky-Malvertising A newly patched zero-day vulnerability discovered by Proofpoint researchers demonstrates how threat actors are increasingly filtering out researchers and sandboxes in their attacks. 2016-09-13T15:00:00 node/16836 https://www.proofpoint.com/us/threat-insight/post/phish-nabbing-users-one-email-at-a-time Proofpoint researchers track a phishing campaign that demonstrates far more sophistication than the vanilla financial and credential phishing attempts with which most users are familiar. 2016-09-12T12:00:00 Proofpoint Staff node/16691 https://www.proofpoint.com/us/threat-insight/post/ursnif-variant-dreambot-adds-tor-functionality Proofpoint researchers track recent significant updates including Tor network and P2P communications in one of the most active Ursnif variants exploring campaigns across multiple geographies. 2016-08-25T11:45:00 Proofpoint Staff node/14101 https://www.proofpoint.com/us/threat-insight/post/panda-banker-starts-looking-more-like-a-grizzly Proofpoint researchers track a large 2-day campaign employing the Zeus Panda banking Trojan to target banks in Europe and Australia, international online payment systems, and, interestingly, UK online casinos. 
2016-08-12T11:00:00 Proofpoint Staff node/13761 https://www.proofpoint.com/us/threat-insight/post/massive-adgholas-malvertising-campaigns-use-steganography-and-file-whitelisting-to-hide-in-plain-sight Proofpoint and Trend Micro researchers collaborated to detect and analyze a sophisticated, previously undocumented malvertising campaign that exposed millions of users every day to attacks that employed steganography and multi-layered filtering. 2016-07-28T09:30:00 Kafeine node/12034 https://www.proofpoint.com/us/threat-insight/post/what-spring-proofpoint-q2-threat-summary-tracks-ransomware-exploit-kits-and-more Overview The first five months of 2016 were dominated by malicious email campaigns of unprecedented volume. New ransomware variants emerged quickly. Meanwhile, Dridex actors began distributing Locky ransomware and repeatedly shifted tactics with new loaders, document attachment types, and obfuscation techniques to evade detection. 2016-07-25T10:00:00 node/12032 https://www.proofpoint.com/us/threat-insight/post/spam-now-with-side-of-cryptxxx-ransomware For the first time since Proofpoint researchers discovered CryptXXX, the ransomware is being distributed via malicious documents attached to email messages. 2016-07-14T15:15:00 Proofpoint Staff node/12031 https://www.proofpoint.com/us/threat-insight/post/nettraveler-apt-targets-russian-european-interests Proofpoint researchers track an advanced persistent threat as Chinese actors target Russian and European military and diplomatic interests. 
2016-07-07T13:00:00 Axel F node/12029 https://www.proofpoint.com/us/threat-insight/post/droidjack-uses-side-load-backdoored-pokemon-go-android-app Proofpoint researchers discovered a cloned Pokémon GO Android APK bundled with the malicious remote access tool (RAT) DroidJack. 2016-07-07T16:30:00 Proofpoint Staff node/12030 https://www.proofpoint.com/us/threat-insight/post/banking-trojans-dridex-vawtrak-others-increase-focus-on-canada Proofpoint researchers describe the malware involved in a recent uptick in banking Trojans targeting Canadian interests. 2016-06-29T13:15:00 Proofpoint Staff node/12028 https://www.proofpoint.com/us/threat-insight/post/New-Bart-Ransomware-from-Threat-Actors-Spreading-Dridex-and-Locky Proofpoint researchers identified a new ransomware called “Bart” from actors who have been spreading Dridex and Locky. 2016-06-24T12:45:00 Proofpoint Staff node/12027 https://www.proofpoint.com/us/threat-insight/post/necurs-botnet-returns-with-updated-locky-ransomware-in-tow Proofpoint researchers dissect the payload from the first large Locky ransomware campaign in over 3 weeks. 2016-06-22T13:00:00 Proofpoint Staff node/11221 https://www.proofpoint.com/us/threat-insight/post/Neutrino-Exploit-Kit-Distributing-Most-CryptXXX Proofpoint researchers have been tracking the relatively sudden shutdown of several elements of the advanced threat ecosystem, including the Angler exploit kit, which now appears to extend well beyond the disruption of the Necurs botnet we covered last week. 2016-06-16T11:15:00 Proofpoint Staff node/10861 https://www.proofpoint.com/us/threat-insight/post/necurs-botnet-outage-crimps-dridex-and-locky-distribution Proofpoint researchers take a look at the effects of an apparent outage in the massive Necurs botnet on two of the biggest names in malware: Dridex and Locky. 
2016-06-09T13:00:00 Proofpoint Staff node/10691 https://www.proofpoint.com/us/threat-insight/post/malicious-macros-add-to-sandbox-evasion-techniques-to-distribute-new-dridex Proofpoint researchers track new campaigns from a familiar actor using evasive macros and distributing a new Dridex sub-botnet targeting Swiss banking institutions. 2016-06-02T13:00:00 Proofpoint Staff node/10306 https://www.proofpoint.com/us/threat-insight/post/cryptxxx-ransomware-learns-samba-other-new-tricks-with-version3100 With its latest version, detected last week by Proofpoint researchers, CryptXXX breaks the currently available decryption tool and adds new capabilities to encrypt shared network resources, among other updates. 2016-06-01T13:00:00 Proofpoint Staff node/10211 https://www.proofpoint.com/us/threat-insight/post/two-threats-for-price-of-one-credential-phishing-leads-to-ispy-keylogger Proofpoint researchers recently detected a phishing campaign that ultimately led recipients to download and install the iSpy keylogger. 2016-05-27T09:00:00 Proofpoint Staff node/10091 https://www.proofpoint.com/us/threat-insight/post/Locky-Ransomware-Actors-Turning-to-XORed-JavaScript-to-Bypass-Traditional-Defenses Proofpoint researchers have observed certain threat actors distributing Locky with JavaScript attachments using XOR obfuscation to conceal the malware they are distributing, adapting to increasing awareness of malicious JavaScript attachments to email. 2016-05-26T13:45:00 Proofpoint Staff node/10071 https://www.proofpoint.com/us/threat-insight/post/beware-javascript-malicious-email-campaigns-with-js-attachments-explode Proofpoint researchers have been tracking what appears to be the “next big thing” in email malware distribution – JavaScript attachments by the hundreds of millions. 
2016-05-24T13:00:00 Proofpoint Staff node/9936 https://www.proofpoint.com/us/threat-insight/post/hancitor-ruckguv-reappear Proofpoint researchers analyze two updated malware downloaders that have reappeared after a hiatus of several months and profile one threat actor experimenting with various loaders to distribute Vawtrak. 2016-05-12T13:00:00 Axel F, Matthew Mesa node/9456 https://www.proofpoint.com/us/threat-insight/post/abaddonpos-now-targeting-specific-pos-software Proofpoint researchers track an updated point-of-sale malware called AbaddonPOS and loader being distributed in targeted, personalized emails to US retailers. 2016-05-10T14:45:00 Matthew Mesa, Darien Huss node/9421 https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-tool Proofpoint researchers have been tracking Version 2.00x of the CryptXXX ransomware. The latest iteration, version 2.006, breaks the freely available decryption tool for CryptXXX. 2016-05-09T13:00:00 Proofpoint Staff node/9176 https://www.proofpoint.com/us/threat-insight/post/Exploit-Kit-Deja-Vu Proofpoint researchers observed massive email campaigns with a twist – malicious URLs in the emails lead to purpose-built pages on compromised websites that in turn use Angler to drop Dridex on vulnerable PCs. 2016-05-05T12:30:00 Matthew Mesa node/9031 https://www.proofpoint.com/us/threat-insight/post/ransomware-explosion-continues-cryptflle2-brlock-mm-locker-discovered Proofpoint researchers continue to see the regular and rapid emergence of new ransomware strains and variants, validating trends observed since the end of 2015. 2016-04-27T14:15:00 Axel F, Proofpoint Staff node/8571 https://www.proofpoint.com/us/threat-insight/post/quarterly-threat-summary-dridex-ransomware-bec-phishing-hog-spotlight Proofpoint threat researchers publish their analysis of the top threats and trends of the first three months of 2016. 
2016-04-25T14:00:00 Proofpoint Staff node/8266 https://www.proofpoint.com/us/threat-insight/post/panda-banker-new-banking-trojan-hits-the-market Proofpoint researchers have been tracking a new banking Trojan since March that has already been used in both targeted and widespread attacks. 2016-04-20T13:00:00 Axel F node/8151 https://www.proofpoint.com/us/threat-insight/post/cryptxxx-new-ransomware-actors-behind-reveton-dropping-angler Proofpoint researchers recently found a previously undocumented ransomware spreading since the end of March through Bedep after infection via the Angler Exploit Kit (EK). Combining our findings with intelligence shared by Frank Ruiz (Fox IT InTELL) led us to the same conclusion: this project is conducted by the same group that was driving Reveton ransomware operations and is closely tied to Angler/Bedep. 2016-04-18T13:00:00 Kafeine node/7786 https://www.proofpoint.com/us/threat-insight/post/killing-zero-day-in-the-egg Proofpoint security researchers discover a new exploit in the Magnitude EK that leads to a previously unreported vulnerability in Adobe Flash. 2016-04-07T16:00:00 Kafeine node/7573 https://www.proofpoint.com/us/threat-insight/post/dridex-actors-get-in-ransomware-with-locky Earlier this year, Proofpoint researchers discovered Locky ransomware. Most notably, the same actors behind many of the largest Dridex campaigns were involved in distributing Locky and were doing it at a scale we’d previously only associated with the Dridex banking Trojan. In recent weeks, we detected a marked increase in email campaigns attempting to install Locky, culminating on April 7th with the largest single campaign (tens of millions of messages) we have ever observed. 
2016-04-06T15:00:00 Chris Wakelin node/7574 https://www.proofpoint.com/us/threat-insight/post/phish-scales-malicious-actor-target-execs Targeted and personalized emails combined with a variety of malware represent a new and sophisticated approach from a particular actor we’ve been tracking this year. 2016-04-05T12:30:00 Matthew Mesa node/7557 https://www.proofpoint.com/us/threat-insight/post/Attackers-Increasing-Use-Of-Typosquatting So-called “typosquatters” aren’t just getting savvier – they have a whole new world of top-level domains to use to trick businesses and consumers into giving up their personal information. 2016-03-30T12:30:00 Christopher Dawson node/7539 https://www.proofpoint.com/us/threat-insight/post/video-malvertising-bringing-new-risks-high-profile-sites On March 13, 2016, Proofpoint researchers observed a large malvertising campaign hitting many highly-ranked websites including MSN.com, foxnews.com and many others. We also surmised (and later confirmed) that video malvertising was involved in this campaign. While such campaigns aren’t new, this appears to be the first such documented campaign leading to an exploit kit. 2016-03-18T15:30:00 Proofpoint Staff node/7442 https://www.proofpoint.com/us/threat-insight/post/Gone-Tax-Phishing-Till-April-18th Obfuscation, sophisticated lures, and well-written phishing kits combine to make this a risky tax season for unsuspecting filers. 2016-03-17T15:30:00 Proofpoint Staff node/7439 https://www.proofpoint.com/us/threat-insight/post/carbanak-cybercrime-group-targets-executives-of-financial-organizations-in-middle-east The Carbanak gang appears to be back, and Proofpoint researchers analyze the early stages of a campaign that could steal another billion dollars. 
2016-03-14T16:30:00 Aleksey F, Darien Huss, Chris Wakelin, Chris I, and Proofpoint Staff node/7410 https://www.proofpoint.com/us/threat-insight/post/Death-Comes-Calling-Thanatos-Alphabot-Trojan-Hits-Market Proofpoint researchers have identified a new Trojan with robust functionality from authors who also appear to be prepared to offer a complete ecosystem of tools for malicious actors. 2016-03-10T16:30:00 Proofpoint Staff node/7388 https://www.proofpoint.com/us/threat-insight/post/Beyond-Vanilla-Phishing-Impostor-Email-Threats-Come-Of-Age Phishing isn’t going anywhere – it’s simply adapting to improved detection techniques to better target users and increase the payoffs from attacks. 2016-03-04T10:45:00 Christopher Dawson node/7285 https://www.proofpoint.com/us/threat-insight/post/Operation-Transparent-Tribe Proofpoint researchers uncover details about an advanced persistent threat against Indian diplomatic and military interests, centered around a remote access Trojan called MSIL/Crimson. 2016-03-01T16:30:00 Darien Huss node/7235 https://www.proofpoint.com/us/what-old-new-again-nymaim-moves-past-its-ransomware-roots-0 Proofpoint researchers track new campaigns using the not-so-new Nymaim Trojan. But some new twists are making this malware far more troublesome, including distribution via a large email marketing provider instead of the usual botnets. 2016-02-26T11:15:00 Proofpoint Staff node/7201 https://www.proofpoint.com/us/threat-insight/post/human-factor-2016-people-are-key The Human Factor reveals not just who is clicking what, but how threat actors are using social engineering to get people to perform the work of automated exploits. 2016-02-22T22:00:00 Proofpoint Staff node/7132 https://www.proofpoint.com/us/threat-insight/post/All-Your-Data-Are-Belong-To-Us Proofpoint researchers round up the latest ransomware variants making their rounds in the wild with deep dives into new variants. 
2016-02-19T12:30:00 Aleksey F; Proofpoint Staff node/7117 https://www.proofpoint.com/us/threat-insight/post/Dridex-Actors-Get-In-the-Ransomware-Game-With-Locky Proofpoint researchers identified a new ransomware known as “Locky” that is being distributed by the spammers behind the majority of Dridex campaigns. 2016-02-16T16:15:00 Proofpoint Staff node/6948 https://www.proofpoint.com/us/threat-insight/post/Love-Hurts-Attackers-Aim-For-Would-Be-Valentines Proofpoint researchers find a Valentine’s spam campaign that can lead to infection with 7ev3n, a new ransomware variant with a very large ransom and a big incentive to pay. 2016-02-12T16:45:00 Proofpoint Staff node/6906 https://www.proofpoint.com/us/threat-insight/post/Obfuscation-Techniques-In-Phishing-Attacks Proofpoint researchers analyze multiple techniques for obfuscating phishing landing pages. 2016-02-10T13:30:00 Proofpoint Staff node/6894 https://www.proofpoint.com/us/threat-insight/post/Vawtrak-UrlZone-Banking-Trojans-Target-Japan Proofpoint researchers give further insights into recent Vawtrak and UrlZone campaigns in Japan and Spain. 2016-02-05T11:15:00 Proofpoint Staff node/6865 https://www.proofpoint.com/us/threat-insight/post/Dridex-JavaScript-Porta-Johns Proofpoint researchers track a new Dridex campaign with an unusual combination of vectors. 2016-02-03T16:45:00 Proofpoint Staff node/6843 https://www.proofpoint.com/us/threat-insight/post/exploring-bergard-old-malware-new-tricks Proofpoint researchers find new malware variants and evidence of emerging threats related to the Bergard Trojan through historical analysis and a deep dive into an ongoing campaign. 2016-01-28T09:00:00 Darien Huss node/6812 https://www.proofpoint.com/us/threat-insight/post/New-Year-More-Dridex Proofpoint researchers follow a new Dridex infection chain and explore the expanding distribution mechanisms for the malware juggernaut. 
2016-01-25T14:15:00 Proofpoint Staff node/6757 https://www.proofpoint.com/us/threat-insight/post/Updated-Blackmoon-Banking-Trojan Proofpoint researchers analyze changes to the South Korea-targeted Blackmoon banking Trojan. 2016-01-19T09:15:00 Proofpoint Staff node/6650 https://www.proofpoint.com/us/threat-insight/post/An-Orthodox-Holiday-For-Some-Unorthodox-Actors Even bad actors take holidays and they aren’t just driven by the work schedules of their targets. 2016-01-14T13:30:00 Christopher Dawson node/6651 https://www.proofpoint.com/us/threat-insight/post/DarkSideLoader-Rogue-App-Stores-Targeting-Non-Jailbroken-iOS-Devices Recently, Proofpoint Targeted Attack Protection Mobile Defense discovered apps on iOS devices – that is, iPhones and iPads – that did not match apps in the Apple App Store. 2015-12-23T04:00:00 Proofpoint Staff node/5344 https://www.proofpoint.com/us/threat-insight/post/gootkit-banking-trojan-jumps-channel First documented in mid-2014, the Gootkit banking Trojan appeared to focus solely on customers from several French banks. This JavaScript-based malware combines web-injects (a la Zeus) and a clever persistence technique to create a robust tool for stealing online banking logins and other credentials from users of infected systems. 2015-12-22T17:00:00 Proofpoint Staff node/5346 https://www.proofpoint.com/us/threat-insight/post/Risky-Mobile-Apps-Steal-Data Cybercriminals are increasingly targeting mobile users with free mobile apps in order to steal data – and nothing is sacred. Like a social media account with a large following, popular mobile apps give scammers a low-cost way to cast a very wide net. 2015-12-16T15:00:00 Proofpoint Staff node/5114 https://www.proofpoint.com/us/threat-insight/post/The-Shadow-Knows Proofpoint researchers analyze a malvertising case that uses a stealthy technique to pull in the Angler exploit kit. 
2015-12-15T09:15:00 Proofpoint Staff node/5165 https://www.proofpoint.com/us/threat-insight/post/abaddonpos-neue-point-sale-bedrohung-wird-vawtrak-zugeschrieben Some of the largest recent data breaches were carried out using point of sale (POS) malware and caused major damage to retailers, restaurants, hotels and organizations across a wide range of industries, often affecting consumers in the US. [1] The retail breaches of late 2013 already showed that these attacks, once considered by cybercriminals to be too laborious and impractical, are entirely feasible and highly profitable for cybercriminals. 2015-12-09T15:15:00 Darien Huss node/13086 https://www.proofpoint.com/us/threat-insight/post/Cybersecurity-Predictions-for-2016 The aggressive incorporation of social engineering techniques in the malicious document attachment campaigns that have dominated the threat landscape of 2015 highlights the central place of ‘the human factor’ in the attack chain. In 2016, people are the targets: from email and web to social media and mobile apps, attackers will build on the successes of 2015 by developing campaigns and vectors that leverage the human factor to bypass increasingly sophisticated automated detection and response capabilities. 2015-12-07T15:45:00 Proofpoint Staff node/5100 https://www.proofpoint.com/us/threat-insight/post/promoted-malware-example-malvertising-twitter It is not uncommon to find malware and phishing links from bad actors through tweets or posts on social media sites such as Facebook and Twitter. [1] [2] Although many users are susceptible to clicking on these links if they are not familiar with the malware-content patterns portrayed on social media, savvy users can avoid these pitfalls by looking for a few red flags, such as posts coming from a stranger or content that is full of grammatical errors.
2015-12-03T15:15:00 Proofpoint Staff node/5039 https://www.proofpoint.com/us/threat-insight/post/dridex-shifu-give-spam-bots-day-off Proofpoint threat researchers describe how Dridex campaigners take a break from email and instead shift to distributing their payloads through malvertising and exploit kits. 2015-11-18T13:45:00 Proofpoint Staff node/4912 https://www.proofpoint.com/us/threat-insight/post/AbaddonPOS-A-New-Point-Of-Sale-Threat-Linked-To-Vawtrak UPDATED 11/24/2015 Point of sale (PoS) malware has been implicated in some of the biggest recent data breaches, striking retailers, restaurants, hospitality and organizations from a variety of industries, and often targeting consumers in the US. [1] Once considered too difficult to carry out to be practical for cybercriminals, the retail breaches of late 2013 demonstrated that these attacks are both feasible and highly profitable for cybercriminals, and PoS malware has since continued to evolve and grow in both variety and sophistication. [2] 2015-11-11T13:15:00 Darien Huss node/4868 https://www.proofpoint.com/us/threat-insight/post/No-Rest-For-The-Wary The Proofpoint Threat Report for July-September 2015 shows that cybersecurity cannot take the summer off. 2015-11-04T22:15:00 Proofpoint Staff node/4809 https://www.proofpoint.com/us/threat-insight/post/Not-Yet-Dead Proofpoint researchers analyze the recent return to operations of the Dridex actors and identify several important changes in behavior. 2015-10-30T20:30:00 Proofpoint Staff node/4704 https://www.proofpoint.com/us/threat-insight/post/Social-Media-Meets-Customer-Care-Tweeters-Beware Many organizations are turning to a new mechanism to deliver customer care: social media. A preferred communication channel for many consumers, social media provides a low-cost model for the business to respond to inquiries. However, any time a communication link between a business and consumers appears, bad actors and criminals look for ways to take advantage of it. 
2015-10-14T08:30:00 Proofpoint Staff node/4576 https://www.proofpoint.com/us/threat-insight/post/dyre-malware-campaigners-innovate-distribution-techniques This week, Proofpoint researchers observed the now infamous “man-in-the-browser” (MITB) banking malware Dyre experimenting with new ways to deliver spam attachments. These innovations included two significant changes in Dyre behavior: 2015-10-08T22:00:00 Proofpoint Staff node/4563 https://www.proofpoint.com/us/threat-insight/post/While-Dridex-Is-Away-Cryptowall-And-Vawtrak-Play Proofpoint data shows which malware benefited from the recent pause in Dridex campaigns. 2015-10-07T13:15:00 Proofpoint Staff node/4460 https://www.proofpoint.com/us/threat-insight/post/In-The-Shadows In what is likely to be a short-lived cessation in Dridex campaigns while the criminal proponents behind that malware scramble to find a new delivery channel, it appears as though other malware purveyors may be positioning themselves to take additional market share of the lucrative crimeware arena. One recent development saw Vawtrak, previously a second-tier banking and information stealing trojan, emerge with new capabilities — most notably new methods for data encoding and changes to C2 communication that appear to be an attempt to improve on the malware’s detection evasion. 2015-10-01T12:00:00 Darien Huss and Matthew Mesa node/4221 https://www.proofpoint.com/us/threat-insight/post/Dyreza-Campaigners-Sights-On-Fulfillment-Warehousing-Industry Within the last week, the now infamous “man-in-the-browser” (MITB) banking malware Dyreza appears to have significantly expanded its target set of entities from which to steal credentials. 2015-09-28T10:30:00 Proofpoint Staff node/4179 https://www.proofpoint.com/us/threat-insight/post/Meet-GreenDispenser On the heels of recent disclosures of ATM malware such as Suceful, Plotus and Padpin (aka Tyupkin), Proofpoint research has discovered yet another variant of ATM malware. 
2015-09-24T06:00:00 Thoufique Haq node/4158 https://www.proofpoint.com/us/threat-insight/post/Operation-Arid-Viper-Slithers-Back-Into-View Earlier this year, researchers published analyses of a targeted attack known as Operation Arid Viper (aka Desert Falcons, aka DHS) directed primarily at organizations in the Middle East. 2015-09-18T10:30:00 Proofpoint Staff node/4142 https://www.proofpoint.com/us/threat-insight/post/PlugX-in-Russia Proofpoint researchers recently observed a campaign targeting telecom and military in Russia. Beginning in July 2015 (and possibly earlier), the attack continued into August and is currently ongoing. 2015-09-15T14:30:00 Thoufique Haq & Aleksey F node/4130 https://www.proofpoint.com/us/threat-insight/post/Too-Many-Crooks-in-the-Kitchen What happens when threat actors overload an exploit kit? Proofpoint researchers open the door of a malware clown car. 2015-09-04T11:45:00 Proofpoint Staff node/3945 https://www.proofpoint.com/us/threat-insight/post/Hunter-Exploit-Kit-Targets-Brazilian-Banking-Customers Proofpoint threat researchers analyze a new exploit kit priced to bring flexible malware delivery to cost-conscious cybercriminals. 2015-08-27T16:45:00 Proofpoint Staff node/3879 https://www.proofpoint.com/us/threat-insight/post/You-Dirty-RAT The media recently reported [1] on a potential targeted cyberattack on Alberto Nisman, an Argentine prosecutor who was found dead under mysterious circumstances. 2015-08-14T20:00:00 Thoufique Haq node/3803 https://www.proofpoint.com/us/threat-insight/post/Top-Trends-of-2015 Proofpoint review of threat trends for the first six months of 2015 finds that cybercriminals have changed tactics and techniques as they target business users with increasingly malicious campaigns.
2015-08-13T11:15:00 Proofpoint Staff node/3765 https://www.proofpoint.com/us/threat-insight/post/Dead-Phish-Bounce Proofpoint threat analysts show how the backscatter from bounced phishing messages can alert an organization that their brand is being misused to carry out credential phishing. 2015-08-06T11:30:00 Proofpoint Staff node/3710 https://www.proofpoint.com/us/threat-insight/post/The-Missing-LNK Proofpoint researchers analyze a large, single-day campaign that used LNK attachments to deliver the Dridex banking Trojan. 2015-07-29T11:30:00 Proofpoint Staff node/3632 https://www.proofpoint.com/us/threat-insight/post/Fleurs-du-malware Phishing campaigns use document attachments and malicious macros to target French banking customers. 2015-07-13T14:30:00 Proofpoint Staff node/3256 https://www.proofpoint.com/us/threat-insight/post/What-Are-Users-Clicking-On Changes in phishing lure templates demonstrate cybercriminals’ ability to rapidly change tactics in order to exploit ‘the human factor.’ 2015-07-01T06:00:00 Proofpoint Staff node/3138 https://www.proofpoint.com/us/threat-insight/post/Light-After-Dark The Sundown exploit kit is a recent addition to the field of EKs, and Proofpoint researchers have now detected it distributing a new remote access Trojan (RAT). 2015-06-25T06:00:00 Proofpoint Staff node/3147 https://www.proofpoint.com/us/threat-insight/post/not-so-innocents-abroad-dridex-actor-shifts-focus-to-europe Dridex actors are taking their malicious macro campaigns abroad. 2015-06-18T06:00:00 Proofpoint Staff node/3012 https://www.proofpoint.com/us/threat-insight/post/Its-Not-Personal-Its-Business Why are malicious macro email campaigns so popular with cybercriminals? Proofpoint researchers examine underground forums to find out.
2015-06-10T06:00:00 Proofpoint Staff node/2970 https://www.proofpoint.com/us/threat-insight/post/When-Threat-Intelligence-Meets-Business-Intelligence Changes in success tracking enable Dridex threat actors to assess not only technical efficacy, but also demonstrate ROI for their malware innovations. 2015-05-21T06:00:00 Proofpoint Staff node/2595 https://www.proofpoint.com/us/threat-insight/post/Best-Practices-in-Incident-Response-Automation What does “automation” mean in the context of incident response? This week, Proofpoint security researchers discuss the meaning and best practices for automating incident response. 2015-05-13T06:00:00 Proofpoint Staff node/2490 https://www.proofpoint.com/us/threat-insight/post/Foot-in-the-Door In a clever attack that combines phishing and social engineering, cybercriminals use a popular job search site to infiltrate their targets. 2015-04-29T10:30:00 Proofpoint Staff node/2329 https://www.proofpoint.com/us/threat-insight/post/The-Human-Factor-2015 In The Human Factor report for 2015, Proofpoint threat researchers analyze the templates and techniques cybercriminals used to help ensure that every organization continued to click. 2015-04-22T06:00:00 node/2292 https://www.proofpoint.com/us/threat-insight/post/Fraud-Feeds-Phishing-in-Tax-themed-Email-Campaign As the April 15 filing deadline draws near, Proofpoint researchers have seen attackers shift their lures from IRS-themed communications to tax-filing tool lures with a fraud-prevention theme. 2015-04-15T06:00:00 Proofpoint Staff node/2228 https://www.proofpoint.com/us/threat-insight/post/Social-Media-Swishes-and-Fouls-in-the-Final-Four Proofpoint Nexgate researchers continue their analysis of social media accounts of the NCAA Men’s Final Four® teams during the final weeks of the tournament.
2015-04-09T06:00:00 Proofpoint Staff node/2200 https://www.proofpoint.com/us/threat-insight/post/It-Takes-a-Fish-to-Catch-a-Phish Proofpoint security researchers show that it takes a “fish” to catch a phish. 2015-04-01T06:00:00 node/2140 https://www.proofpoint.com/us/social-media-and-march-madness-predictive-or-problematic Proofpoint research shows March Madness brand abuse of social media can yield fans and favorites for bad actors. 2015-03-25T06:00:00 node/2105 https://www.proofpoint.com/us/threat-insight/post/Run-on-Close-Macros-Try-to-Shut-the-Door-on-Sandboxes Macro malware adds evasion technique and extends the cat and mouse game between malware writers and detection tools. 2015-03-19T06:00:00 Proofpoint Staff node/2081 https://www.proofpoint.com/us/threat-insight/post/Make-Some-Social-Media-Noise Proofpoint research suggests a correlation between social media cheerleading and NCAA basketball tournament success. 2015-03-12T06:00:00 Proofpoint Staff node/2002 https://www.proofpoint.com/us/threat-insight/post/Theres-a-Macro-in-your-Sandbox Proofpoint security researchers recently analyzed a Dridex email campaign that demonstrates the adoption of sophisticated sandbox evasion techniques by malicious macros. 2015-03-11T19:00:00 Proofpoint Staff node/2003 https://www.proofpoint.com/us/threat-insight/post/What-Attachments As the use of cloud-based documents becomes more and more widespread, phishing campaigners have also been leveraging this behavior as a lure for their messages to the benefit of their effectiveness. 2015-03-05T06:00:00 Proofpoint Staff node/1940 https://www.proofpoint.com/us/threat-insight/post/Global-Social-Fake As part of its risk intelligence and research practices, Proofpoint Nexgate recently analyzed data on social media accounts of ten of the top UK FTSE 100 brands, and found that the risks and threat activity for UK enterprise brands are trending higher. 
2015-03-02T14:00:00 Proofpoint Staff node/1905 https://www.proofpoint.com/us/threat-insight/post/Phish-Pharm Like the farming practice of using fish remains as fertilizer, modern attackers are using phishing emails to attempt to improve the yields of their pharming campaigns. 2015-02-26T06:00:00 Proofpoint Staff node/1884 https://www.proofpoint.com/us/threat-insight/post/LogIn-Waz-Here This week, Proofpoint security researchers detected what appears to be a new Dridex botnet with some unique behavior. 2015-02-20T14:15:00 Proofpoint Staff node/1867 https://www.proofpoint.com/us/threat-insight/post/Looking-Back-at-2014 The December 2014 Proofpoint Threat Report gives us an opportunity to highlight and examine some noteworthy trends that emerged in the email threat landscape last year. 2015-02-11T19:00:00 Proofpoint Staff node/1782 https://www.proofpoint.com/us/threat-insight/post/Looking-for-Love-in-All-the-Wrong-Places Social media data scams can lead victims to look for love in the wrong places. 2015-02-10T11:30:00 Proofpoint Staff node/1781 https://www.proofpoint.com/us/threat-insight/post/Dyre-Straits-Evolution-of-the-Dyre-Banking-Trojan-Challenges-Traditional-Defenses The sudden and rapid evolution of Dyre to incorporate evasion techniques often associated with more sophisticated, targeted threats highlights a central challenge of today’s threat landscape. 2015-02-05T06:00:00 Proofpoint Staff node/1703 https://www.proofpoint.com/us/threat-insight/post/Social-Media-and-Brand-Risk Social media is a whole new ballgame for cybersecurity, and most businesses have yet to organize their defense for this new challenge. 2015-01-29T06:00:00 Proofpoint Staff node/1617 https://www.proofpoint.com/us/threat-insight/post/Tax-Return-Malware-Attacks April 15 is still months away, but phishers are already filing their campaigns in hopes of an early return. 
2015-01-27T07:00:00 Proofpoint Staff node/1580 https://www.proofpoint.com/us/threat-insight/post/Why-We-Should-Talk-About-Incident-Response Information security often focuses on the “cool” exploit and detection side of cyber-defense, but the importance of incident response is gaining attention. 2015-01-22T07:00:00 Proofpoint Staff node/1497 https://www.proofpoint.com/us/threat-insight/post/russia-phish-spear-you Spearfishing and spear-phishing may be homonyms, but they have vastly different meanings and apply in very different contexts. Spearfishing is a form of fishing in which the fisherman attempts to impale a fish upon a spear, which can be thrust or thrown by hand, or fired from a spear gun. 2015-01-14T13:30:00 Proofpoint Staff node/1769 https://www.proofpoint.com/us/threat-insight/post/New-Dridex-Botnet-Drives-Massive-Surge-in-Malicious-Attachments The Dridex banking Trojan is already well-known and documented in analyses by security researchers from Proofpoint and other organizations. Over the last week, Proofpoint researchers detected a sudden change in Dridex behavior that represented the entrance of a new actor and a significantly increased danger to many organizations. 2014-12-23T06:00:00 Kimberly node/1711 https://www.proofpoint.com/us/threat-insight/post/Cybersecurity-Predictions-2015 2014 was a year in which information security vaulted into the public eye, driven by a surge in both the number and the visibility of data breaches and compromises. 2014-12-17T07:00:00 Proofpoint Staff node/801 https://www.proofpoint.com/us/account-statement-phish-masks-emotet-malware-german-users-de Over the past several weeks, Proofpoint has detected a fairly large, ongoing campaign of unsolicited emails that tries to lure German users with phishing bait in order to get the Emotet banking Trojan onto their machines.
The campaign outwits reputation filters by clicking through dozens of compromised websites per day, from which emails using a common and effective “account notification” template are sent. 2014-12-04T07:00:00 Proofpoint Staff node/1980 https://www.proofpoint.com/us/threat-insight/post/account-statement-phish-masks-emotet-malware-german-users Over the past several weeks Proofpoint has detected a fairly large and ongoing unsolicited email campaign that targets German users with phishing lures designed to deliver the Emotet banking Trojan. The campaign stays ahead of reputation filters by cycling through several dozen compromised websites per day, delivering emails that employ a common and effective “account notification” template. 2014-12-04T07:00:00 Proofpoint Staff node/588 https://www.proofpoint.com/us/threat-insight/post/how-steal-access-over-500000-bank-accounts The insider view of a Russian cybercrime infrastructure. Proofpoint security researchers have published an analysis that exposes the inner workings of a cybercrime operation targeting online banking credentials for banks in the United States and Europe. 2014-10-07T07:00:00 Proofpoint Staff node/327 https://www.proofpoint.com/us/threat-insight/post/Your-Fridge-is-Full-of-SPAM-Part-2 Our press release on a malicious email campaign that used the Internet of Things (IoT) and the subsequent blog entry listing the chipsets and OSes we saw and additional types of devices has generated a lot more interest than we expected. 2014-01-21T06:00:00 node/2388 https://www.proofpoint.com/us/threat-insight/post/Your-Fridge-is-Full-of-SPAM Over the December holidays, one of our researchers discovered proof of a much-theorized but we believe never before seen in the wild security breach. 2014-01-16T06:00:00 node/2386